CVE-2025-52586
MEDIUM
EG4 Electronics Inverters - Cleartext Transmission of Sensitive MOD3 Command Traffic
Title source: llm
Description
The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write operations for voltage, current, and power configuration, operational status, alarms, telemetry, system reset, or inverter control commands, potentially disrupting power generation or reconfiguring inverter settings.
References (3)
Core References
Various Sources
https://eg4electronics.com/contact/
Various Sources
https://eg4electronics.com/wp-content/uploads/2025/09/EG4-Wi-Fi-Dongle-Dongle-Firmware-Update.pdf
Third Party Advisory, US Government Resource
https://www.cisa.gov/news-events/ics-advisories/icsa-25-219-07
Scores
CVSS v3
6.9
EPSS
0.0007
EPSS Percentile
0.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-319
Status
published
Products (7)
EG4 Electronics/EG4 12000XP
all versions
EG4 Electronics/EG4 12kPV
all versions
EG4 Electronics/EG4 18kPV
all versions
EG4 Electronics/EG4 6000XP
all versions
EG4 Electronics/EG4 Flex 18
all versions
EG4 Electronics/EG4 Flex 21
all versions
EG4 Electronics/EG4 GridBoss
all versions
Published
Aug 08, 2025
Tracked Since
Feb 18, 2026